Okay, here is the work around for this issue (note that if the popup
hovers over an IE SELECT control, it will have the incorrect z-index
due to a bug in IE <= 6):
<body onload="window['orgApacheMyfacesPopupfixIE'] = function() {}">
This will turn off the IE "hack". Since an IFRAME will not be used,
there will no longer be the warning of insecure items.
-Andrew
On 5/28/06, Andrew Robinson <[EMAIL PROTECTED]> wrote:
I was looking into this a bit further to see if I could pinpoint the
cause and it looks as if the problem is a result of the creation of an
IFRAME in the "orgApacheMyfacesPopupfixIE" JavaScript function.
What is the purpose of creating an IFRAME in IE? Is it because of IE's
SELECT z-index bug or is there another reason. It seems the side
affect is worse for HTTPS pages (for every page that has the control -
when the popup is shown - the user is asked if they want to allow
unsecure items to be displayed).
Before I go and remove this call in JS for my own environment I wanted
to know the rational behind it.
Thanks,
Andrew
On 4/27/06, Andrew Robinson <[EMAIL PROTECTED]> wrote:
> I don't think that the popup asks the server for anything. The HTML
> comes from javascript and the document.write method (which I opened a
> JIRA issue on). IE may not be liking the document.write being used in
> a secure page after the page has been finished loading. I cannot say
> for sure at all, but it would not surprise me.
>
> I opened JIRA so that document.write can be removed. document.write
> does not work with AJAX well at all and XHTML specification has
> removed that method, so it should not be used.
>
> Perhaps if the popup doesn't use this anymore the issue will go away.
>
> On 4/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> > To be honest I wouldn't like to introduce an extra library for such simple
> > functionality. I considered doing away with the tooltip component but using
> > the title attribute or the alt attribute. Unfortunately Firefox doesn't
> > display the alt text and it truncates the title text.
> >
> > So the popup doesn't work well on Explorer while title/alt don't work well
> > on Firefox... :-(
> >
> > Strangely I was examining the requests sent by Explorer over the network
> > when using the popup and I could spot no requests that were sent over HTTP
> > (not S). In this sense, I can't see why Explorer is complaining...
> >
> > Jean
> >
> >
> > "Gilles DEMARTY" <[EMAIL PROTECTED]> wrote on 27/04/2006 10:19:38:
> >
> >
> > > > In shorter terms, is there any reason why the Tomahawk Popup would
> > > cause data to be passed over HTTP when it is used on a site which is
> > > served over HTTPS? Is there any workaround/solution?
> > > >
> > >
> > > Hi Jean,
> > >
> > > Got the same issue here. No workaround found until now.
> > > Maybe it's worth a JIRA ticket.
> > >
> > > By the way, it could be interesting to use DOJO 'Tooltip' widget to
> > > render the popup ?
> > >
> > > > Thanks
> > > >
> > > > Jean
> > > >
> > > >
> > > >
> >
> >
>
